With the new Windows 10 version in place, App-V is integrated into the operating system. You probably wonder what will happen to a machine with an installed App-V Client that gets an in-place upgrade.

The cache stays, the App-V application gets uninstalled, and the App-V feature gets enabled. So it should be a flawless migration from Windows 10 1511 with a current App-V Client to Windows 10 1607.

One of the main security issues with Windows is pass the hash. I added some functions to the Mimikatz PowerShell script that can be found here.

The functions make using Mimikatz easier. Just add these functions to the end of the Mimikatz script and launch the script. The functions are then in memory, and the available functions will be shown.

I had a discussion with a colleague yesterday about what is happening with Citrix in the long term. My answer was: Microsoft will buy them! Why? There are multiple small pieces that, if you put them together, might make the picture look like this:

1. The new Citrix CEO Kirill Tatarinov originally worked for Microsoft. Have you heard anything from him yet? I did not hear any noise except that his Synergy keynote was not very well received. Maybe he is not really interested in keynotes because he is preparing something else?

2. Citrix sold all departments that are totally uninteresting for Microsoft, like the whole online stuff. Microsoft already has products in this area that would compete with this, like Skype for Business vs. GoToMeeting.

3. Microsoft retired TMG, so they have nothing at the endpoint to the internet. Their new strategy is cloud first, mobile first. Would NetScaler not fit perfectly?

4. Server 2016 does not have many additional features announced for RDSH: there is an optimized gateway that hosts more users (indeed, I heard they found a bug), MultiPoint Server, and OpenGL support. That's pretty much it, so they probably just don't develop that much anymore.

Probably a hidden feature in AppDNA is the possibility to create App-V packages. This can happen fully automated. Honestly, I don't see App-V in general as an OS compatibility mitigation technology. From my perspective it solves interoperability issues and might ease deployment.

But if you are allowed to use AppDNA, it is probably even a cool solution to optimize your current packaging process. What you need:

– AppDNA Server
– A VDI sequencer machine
– A VDI machine with an App-V Client
– A service account with local admin rights on the machines
– A service account that can control your VDI on the hypervisor (create snapshot and revert)

What you need in the first step is a hypervisor and a virtual machine. AppDNA will use this machine to create the sequence but you can still interact during the sequencing process if you want. Prepare the following for step 1:

You need a virtual machine with an installed sequencer, and the “Citrix AppDNA VM Configuration.msi” needs to be installed on it. This tool allows the AppDNA server to talk to the virtual machine. Because the agent is embedded in the RUN key, you should also enable Autologon, for example with the Sysinternals tool of the same name. This allows the agent to start after AppDNA resets the machine in a later step. Also don't forget the standard cleanup tasks for your sequencer machine, like disabling Windows Search or Defender. Now create a snapshot.

What you then need to do in AppDNA:

Configure –> Solutions –> AppV

Define a name for the solution

Define a network share (if you test it, it tells you which files AppDNA would like to store there)

Here is the screen for defining the two VMs: the first is the sequencer, the second a test machine. Select “Add VM”

Next

Define your hypervisor

The service account to manage your hypervisor

Select the sequencing machine

Select or create a snapshot and check “Do not show the VM Console”

After this step AppDNA will reset your virtual machine to the snapshot

Here you define the name of your virtual machine; you should use an FQDN. The port is the default port used by the AppDNA agent. If it fails, the computer is probably not logged in, or AppDNA reverted to the wrong snapshot (this happened to me under certain circumstances; now I only have one snapshot)

Define the output file share

Select what AppDNA should do with your VM

Here you get the summary

Repeat these steps for the second virtual machine

You should get this then

Here you can choose No to speed things up

Nearly ready

Define how App-V packages should be generated.

You are ready. Press Close.

Now you can use the solution to sequence applications that were imported into AppDNA!

I was recently at a customer where we had some weird behavior, so we checked all kinds of stuff and realized that all machines had the same SID. From my perspective this should not be an issue since Mark Russinovich released this article. The only issue persists if two domain controllers have the same SID.

Then I checked with a couple of colleagues how it is in their environments, which are running smoothly, and all SIDs were the same there too. So it seems to be standard that MCS does not change the SID.
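To see which machines share a machine SID, as observed in the MCS environment above, the local account SIDs of each host can be compared. This is an added example, not code from the original post; the function names, host names and SIDs are constructed, and the remote collection step assumes PowerShell remoting is enabled on the targets.

```powershell
# Added example (not from the original post). Host names and SIDs are constructed.

function Get-MachineSidFromAccountSid {
    # The machine SID is a local account SID without its trailing RID.
    param([Parameter(Mandatory)][string]$AccountSid)
    $sid = [System.Security.Principal.SecurityIdentifier]::new($AccountSid)
    if ($null -eq $sid.AccountDomainSid) { throw "Not an account SID: $AccountSid" }
    $sid.AccountDomainSid.Value
}

function Get-RemoteLocalAccountSid {
    # Collects one local account SID per host (member servers and clients only;
    # domain controllers have no local accounts).
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            AccountSid = (Get-LocalUser | Select-Object -First 1).SID.Value
        }
    }
}

function Find-DuplicateMachineSid {
    # Groups hosts by machine SID and returns only SIDs used by more than one host.
    param([Parameter(Mandatory)][object[]]$Record)
    $Record |
        Select-Object Computer, @{ n = 'MachineSid'; e = { Get-MachineSidFromAccountSid $_.AccountSid } } |
        Group-Object MachineSid |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.Computer | Sort-Object) -join ', '
            }
        }
}

# Constructed sample: three clones of one image and one separately installed host.
$sample = @(
    [pscustomobject]@{ Computer = 'TS01';  AccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Computer = 'TS02';  AccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Computer = 'TS03';  AccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-501' }
    [pscustomobject]@{ Computer = 'MGMT1'; AccountSid = 'S-1-5-21-4444444-5555555-6666666-500' }
)
Find-DuplicateMachineSid -Record $sample

# Against live hosts (placeholder names):
# Find-DuplicateMachineSid -Record (Get-RemoteLocalAccountSid -ComputerName 'TS01','TS02')
```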

Another issue we found is that MCS always created full clones in a VMware-based environment. This should only happen in a XenServer environment. The problem is that the customer only had Terminal Server and not VDI, and MCS in combination with Terminal Server images gives no choice in how the VMs should be deployed. If you look in Citrix Studio for the PowerShell command, you can see that the machines are created as full clones. That means that if you want linked clones, you cannot use the console but need to use a PowerShell script.

I am happy that I will attend BriForum London as a speaker on 19-20 May 2016.

I will speak about how people might have attacked your domain by using the pass the hash method. I believe most domains should be “infected” because it is ridiculously easy. Hope to see you at BriForum. I will release more content here after my presentation. Attached is a tool that I might use. Please do not use this tool on your computers!!!!